
8 in 10 organizations worry over their internal audit functions
There's no room for incompetence, especially in Singapore.
According to a release, with risk, control and compliance becoming increasingly important in today’s global marketplace, a new global survey of 695 chief audit executives (CAEs) and C-suite executives released by Ernst & Young today reveals that 80% of organizations acknowledge that their internal audit function has room for improvement.
The report, “The future of internal audit is now,” highlights that 75% of respondents believe strong risk management has a positive impact on their long-term earnings performance, and an equal percentage believe that their internal audit function has a positive impact on their overall risk management efforts.
Aligning internal audit strategy to the business
The global survey identifies that the key priorities of both CAEs and stakeholders have clearly shifted from compliance and financial controls to risk coverage and business relevance. Future focus areas becoming more relevant to achieving business objectives cited by respondents include improving the risk assessment process and enhancing the ability to monitor emerging risks. Additionally, reducing overall internal audit function costs without compromising risk coverage and identifying opportunities for cost savings in the business were also cited.
In order to focus on risks that matter, create value and help the organization achieve its objectives, internal audit functions need to align their strategy to that of the overarching organizational strategy. However, 61% of respondents reported that they had no documented mandate that aligns internal audit to the organizational strategy.
Based on observations of the internal audit function in Singapore, Neo Sing Hwee, Advisory Partner, Ernst & Young Advisory Pte. Ltd. says: “Smaller listed companies in Singapore tend to focus more on compliance checks and ensuring that appropriate and adequate policies are in place. Larger companies, on the other hand, want their internal audit function to focus more on risks, and align the internal audit methodology and approach to the overall organizational strategy. Internal audit is expected to consider the risk profile of the entire group, and this includes emerging risks and fraud risks.”
Improve the risk management process
Internal audit risk assessments, regulatory requirements and enterprise risk assessments are the top three drivers of the audit plan, and internal audit is playing a more prominent role in organizational issues, such as major capital projects (49%), IT systems implementations (42%), mergers and acquisitions (37%) and material contracts (32%). Technology also remains a key area of focus for internal audit functions, comprising 18% of the current audit plan.
Improving the risk assessment process is the number one priority of CAEs and stakeholders alike. Identifying risks that are truly significant to the business is the first step to effective risk management and monitoring. Today’s internal audit functions are focused on enterprise-wide risk coverage, leadership engagement and direct linkage to strategy to increase the relevance of the risk assessment. In addition, most leading organizations are incorporating a quantitative component.
Forty-six percent of global respondents indicated that their internal audit functions perform annual updates, or none at all, leaving them unprepared for events that could crop up throughout the year, including transactions, new product launches or retirements, new market entry, patent expiry and litigation.
Commenting on Singapore, Sing Hwee adds: “It is important to ensure that an organization has a structured and robust risk management process and framework where key risks identified are linked to its operations. The key risks should then be incorporated into the internal audit plan, which must be risk-focused and relevant to operations. The results of such an internal audit plan provide the Audit Committee with a pertinent assessment on the strength of the internal control environment, which facilitates them in providing an opinion on the adequacy of internal controls. This is particularly important, given the requirement of the SGX Listing Rule 1207(10) where the Board, with the concurrence of the Audit Committee, is expected to provide an opinion on the adequacy of internal controls taking into consideration the financial, operational and compliance risks faced by the organization.”